Merge branch 'main' into release
ArchiFleKs committed Apr 12, 2023
2 parents 3d3fc9e + f8a7164 commit 3ec486a
Showing 19 changed files with 636 additions and 422 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/stale-actions.yaml
@@ -7,7 +7,7 @@ jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v7
- uses: actions/stale@v8
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
# Staling issues and PR's
1 change: 1 addition & 0 deletions .gitignore
@@ -1,3 +1,4 @@
.terragrunt-cache
.terraform
.terraform.lock.hcl
.idea
10 changes: 8 additions & 2 deletions README.md
@@ -137,8 +137,9 @@ No modules.
| [helm_release.kube-prometheus-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.kyverno](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.kyverno-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.linkerd-control-plane](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.linkerd-crds](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.linkerd-viz](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.linkerd2](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.linkerd2-cni](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.loki-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.metrics-server](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -160,6 +161,7 @@ No modules.
| [kubectl_manifest.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.linkerd](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.linkerd-viz](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.prometheus-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.tigera-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
@@ -177,8 +179,8 @@ No modules.
| [kubernetes_namespace.kong](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.kube-prometheus-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.kyverno](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.linkerd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.linkerd-viz](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.linkerd2](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.linkerd2-cni](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.loki-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.metrics-server](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -207,6 +209,7 @@ No modules.
| [kubernetes_network_policy.flux_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.ingress-nginx_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.ingress-nginx_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.ingress-nginx_allow_linkerd_viz](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.ingress-nginx_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.ingress-nginx_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.ingress-nginx_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -233,6 +236,8 @@ No modules.
| [kubernetes_network_policy.kube-prometheus-stack_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.kyverno_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.kyverno_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.linkerd-viz_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.linkerd-viz_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.linkerd-viz_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.linkerd-viz_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.linkerd2-cni_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -341,6 +346,7 @@ No modules.
| <a name="input_kube-prometheus-stack"></a> [kube-prometheus-stack](#input\_kube-prometheus-stack) | Customize kube-prometheus-stack chart, see `kube-prometheus-stack.tf` for supported values | `any` | `{}` | no |
| <a name="input_kyverno"></a> [kyverno](#input\_kyverno) | Customize kyverno chart, see `kyverno.tf` for supported values | `any` | `{}` | no |
| <a name="input_labels_prefix"></a> [labels\_prefix](#input\_labels\_prefix) | Custom label prefix used for network policy namespace matching | `string` | `"particule.io"` | no |
| <a name="input_linkerd"></a> [linkerd](#input\_linkerd) | Customize linkerd chart, see `linkerd.tf` for supported values | `any` | `{}` | no |
| <a name="input_linkerd-viz"></a> [linkerd-viz](#input\_linkerd-viz) | Customize linkerd-viz chart, see `linkerd-viz.tf` for supported values | `any` | `{}` | no |
| <a name="input_linkerd2"></a> [linkerd2](#input\_linkerd2) | Customize linkerd2 chart, see `linkerd2.tf` for supported values | `any` | `{}` | no |
| <a name="input_linkerd2-cni"></a> [linkerd2-cni](#input\_linkerd2-cni) | Customize linkerd2-cni chart, see `linkerd2-cni.tf` for supported values | `any` | `{}` | no |
57 changes: 30 additions & 27 deletions helm-dependencies.yaml
@@ -27,22 +27,22 @@ dependencies:
version: 0.3.11
repository: https://aws.github.io/eks-charts
- name: cert-manager
version: v1.11.0
version: v1.11.1
repository: https://charts.jetstack.io
- name: cert-manager-csi-driver
version: v0.5.0
repository: https://charts.jetstack.io
- name: cluster-autoscaler
version: 9.26.0
version: 9.28.0
repository: https://kubernetes.github.io/autoscaler
- name: external-dns
version: 1.12.1
version: 1.12.2
repository: https://kubernetes-sigs.github.io/external-dns/
- name: flux
version: 1.13.3
repository: https://charts.fluxcd.io
- name: ingress-nginx
version: 4.5.2
version: 4.6.0
repository: https://kubernetes.github.io/ingress-nginx
- name: istio-operator
version: 1.7.0
@@ -60,37 +60,40 @@ dependencies:
version: 18.4.0
repository: https://codecentric.github.io/helm-charts
- name: kong
version: 2.16.5
version: 2.19.0
repository: https://charts.konghq.com
- name: kube-prometheus-stack
version: 45.7.1
version: 45.9.1
repository: https://prometheus-community.github.io/helm-charts
- name: kyverno
version: 2.7.1
version: 2.7.2
repository: https://kyverno.github.io/kyverno/
- name: kyverno-crds
version: v2.0.3
repository: https://kyverno.github.io/kyverno/
- name: linkerd2
repository: https://helm.linkerd.io/edge
version: 21.12.3
- name: linkerd2-cni
repository: https://helm.linkerd.io/edge
version: 21.12.4
version: 30.8.0
repository: https://helm.linkerd.io/stable
- name: linkerd-control-plane
version: 1.12.0
repository: https://helm.linkerd.io/stable
- name: linkerd-crds
version: 1.6.0
repository: https://helm.linkerd.io/stable
- name: linkerd-viz
repository: https://helm.linkerd.io/edge
version: 21.12.4
version: 30.8.0
repository: https://helm.linkerd.io/stable
- name: loki-stack
version: 2.9.9
version: 2.9.10
repository: https://grafana.github.io/helm-charts
- name: loki
version: 4.8.0
version: 5.0.0
repository: https://grafana.github.io/helm-charts
- name: promtail
version: 6.9.3
version: 6.10.0
repository: https://grafana.github.io/helm-charts
- name: metrics-server
version: 3.8.4
version: 3.9.0
repository: https://kubernetes-sigs.github.io/metrics-server/
- name: node-problem-detector
version: 2.3.4
@@ -102,10 +105,10 @@ dependencies:
version: 0.24.0
repository: https://prometheus-community.github.io/helm-charts
- name: prometheus-blackbox-exporter
version: 7.6.1
version: 7.7.0
repository: https://prometheus-community.github.io/helm-charts
- name: rabbitmq-cluster-operator
version: 3.2.7
version: 3.2.10
repository: https://charts.bitnami.com/bitnami
- name: scaleway-webhook
version: v0.0.1
@@ -117,25 +120,25 @@ dependencies:
version: 0.34.0
repository: https://strimzi.io/charts/
- name: thanos
version: 12.3.1
version: 12.4.2
repository: https://charts.bitnami.com/bitnami
- name: tigera-operator
version: v3.25.0
version: v3.25.1
repository: https://docs.projectcalico.org/charts
- name: traefik
version: 21.2.0
version: 22.1.0
repository: https://helm.traefik.io/traefik
- name: memcached
version: 6.3.13
version: 6.3.14
repository: https://charts.bitnami.com/bitnami
- name: vault
version: 0.23.0
version: 0.24.0
repository: https://helm.releases.hashicorp.com
- name: velero
version: 3.1.4
version: 3.1.6
repository: https://vmware-tanzu.github.io/helm-charts
- name: victoria-metrics-k8s-stack
version: 0.14.16
version: 0.14.17
repository: https://victoriametrics.github.io/helm-charts/
- name: yet-another-cloudwatch-exporter
version: 0.14.0
26 changes: 26 additions & 0 deletions ingress-nginx.tf
@@ -230,3 +230,29 @@ resource "kubernetes_network_policy" "ingress-nginx_allow_control_plane" {
policy_types = ["Ingress"]
}
}

resource "kubernetes_network_policy" "ingress-nginx_allow_linkerd_viz" {
count = local.ingress-nginx["enabled"] && local.linkerd-viz["enabled"] && local.ingress-nginx["default_network_policy"] ? 1 : 0

metadata {
name = "${kubernetes_namespace.ingress-nginx.*.metadata.0.name[count.index]}-allow-linkerd-viz"
namespace = kubernetes_namespace.ingress-nginx.*.metadata.0.name[count.index]
}

spec {
pod_selector {
}

ingress {
from {
namespace_selector {
match_labels = {
name = local.linkerd-viz["namespace"]
}
}
}
}

policy_types = ["Ingress"]
}
}
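Review bot: The new `ingress-nginx_allow_linkerd_viz` policy admits traffic from the linkerd-viz namespace to every pod in the ingress-nginx namespace on every port, because `pod_selector {}` is empty and the `ingress` block carries no `ports`. If linkerd-viz only needs to reach specific proxy ports (which ones is not visible in this hunk), adding a `ports` block would keep the namespace's default-deny policy meaningful. The namespace match also depends on a plain `name` label, so any namespace that carries that label value is granted the same access; the module may set this label itself when it creates namespaces (not shown here), but `"kubernetes.io/metadata.name" = local.linkerd-viz["namespace"]` is harder to spoof on clusters where the API server sets it. A short comment above the resource, e.g. `# linkerd-viz must reach the meshed ingress pods; scoped by namespace label only`, would record why the exception exists.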